ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

I need help coming up with a plan to fix my NTFS security permissions problems

<< < (2/7) > >>

superboyac:
I did use SetACL studio, it is good.  I've done a few rounds of these...I used setacl, i also did a lot with that advanced settings area in the normal properties dialog.  I did take ownership.  I did most of this with the array connected.

I think my plan should be to take ownership of the individual disks while not in the array, because once it's connected, i can't even access the files.  does it matter if i take ownership of a root ?  do i need to do all the subdirectories individually?  i don't think so, that's the point of all these tools.

superboyac:
friends, I'm still having difficulty with this.  I kind of feel i'm not understanding something about ntfs security or permissions.  But also, am I crazy, or is the developer in the thread below not being terribly helpful?  He has (understandably) refused to help out with ntfs issues that are unrelated to his product.  But I can't tell if I'm being annoying or if he's just being difficult.  I don't really care either way, I'd just like to be aware if I am having a fundamental misunderstanding about something.  here's the thread:
http://forum.flexraid.com/index.php/topic,4984.0.html

some of my personal questions:
--are there such things as "standard" ntfs permissions?  if so, is there a way to quickly restore them once they have been manually removed?  I removed them accidentally, and I'd love to restore them back to default, but the only way i know to restore anything is to set each permission one by one and propagate them through the subfolders.  That is very manual.  is there any button i can press to just reset it back to some default mode?

--i'm think i'm going to just reinstall the whole os, format all the disks, and start from scratch.  I'll never mess with ntfs permissions again, i don't have a need to anyway.

40hz:
Did you also check your share permissions?

There are two separate security mechanisms (besides group policies) on Wndows server: NTFS permissions and share permissions. If the two permission levels conflict, Windows server will chose the more restrictive permissions granted.

The whole topic of shares vs NTFS permissions can get a little complicated if you let it. And there's some subtleties involved so you may want to Google and read up on them if you're not familiar with the topic. If you're not careful about how and where to use them, you can create a real file access quagmire for yourself on a Windows server. Even the "pros" get confused from time to time when using them.

Find a good overview here: https://technet.microsoft.com/en-us/library/Cc754178.

tl;dr version:

If permission conflicts are causing the problem, the following from the above link is the short easy solution most of us will use in order to fix a mess enough to redo it (and sometimes screw it up even worse if we try to get too fancy afterwards):

The following table suggests equivalent permissions that an administrator can grant to the Users group for certain shared folder types. Another approach is to set share permissions to Full Control for the Everyone group and to rely entirely on NTFS permissions to restrict access.
--- End quote ---

Note: if it's just you - and only you - who will ever be accessing the server, you can also simply grant Full Control permission for the Everyone group across the board and be done with it. Later on, if you decide to give someone else access, you can alway redo your NTFS permissions to add any needed restrictions. Most personal standalone file servers are set up that way. Once you're in - you're in!

You'll want to be a little careful with Internet access if you go that route however. With that arrangement, about the only time that fileserver should be allowed to connect to the Internet is to get Microsoft and AV updates.

Stoic Joker:
Note: if it's just you - and only you - who will ever be accessing the server, you can also simply grant Full Control permission for the Everyone group across the board and be done with it.-40hz (August 13, 2015, 08:59 AM)
--- End quote ---

O_O ... Ggaaaaaaaaaaaaaaaaaaaaaaaaaaaa!!

wraith808:
Note: if it's just you - and only you - who will ever be accessing the server, you can also simply grant Full Control permission for the Everyone group across the board and be done with it.-40hz (August 13, 2015, 08:59 AM)
--- End quote ---

O_O ... Ggaaaaaaaaaaaaaaaaaaaaaaaaaaaa!!
-Stoic Joker (August 13, 2015, 11:17 AM)
--- End quote ---

I think something broke...

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version